<?php

header("Content-type: text/html; charset=utf-8");

/** 注册登录类
 *
 * 描述:支持cookie和session 采用session必须手动开启session_start()
 *
 * 功能:  1 注册
 *      2 登录
 *      3 登录超时验证
 *      4 权限验证
 *      5 密码提示登录
 *      6 修改密码
 *      7 退出
 *
 * @author monkey lee
 * @date    2010-10-26
 *
 * */
class login {
    const ALL_SHELL = 'MYPASS';  //密钥

    private $form_user;             //登录的用户名
    private $form_password;         //登录的密码名
    private $form_cookie_time;      //登录的cookie保存时间名
    private $table_name;            //保存用户登录信息的数据库表名
    private $table_user;            //保存用户登录信息的数据库用户字段名
    private $table_password;        //保存用户登录信息的数据库密码字段名

    function __construct($form_user, $form_password, $table_name, $table_user, $table_password, $form_cookie_time='') {

        $this->form_user = $form_user;
        $this->form_password = $form_password;
        $this->form_cookie_time = $form_cookie_time;

        $this->table_name = $table_name;
        $this->table_user = $table_user;
        $this->table_password = $table_password;
    }

    /** 权限超时验证
     *
     * @param int    $time       该页面超时时间
     * @param string $login_path 超时后返回登录页面的路径
     *
     * */
    public function set_overtime($time, $login_path) {

        if (!$_SESSION['overtime']) {
            $_SESSION['overtime'] = time() + $time;
        } elseif ($_SESSION['overtime'] < time()) {
            setcookie('name', '');
            setcookie('shell', '');
            session_destroy();
            echo "<script type='text/javascript'>alert('登录超时,请重新登录');</script>";
            //echo "<script type='text/javascript'>location.href='".$login_path."';/script>";
            header("location:$login_path");
        } else {
            $_SESSION['overtime'] = time() + $time;
        }
    }

    /** 退出
     *
     * @param string $type 清除的会话类型
     *
     * */
    public function logout($type='cookie') {

        if ($type == 'cookie') {
//             setcookie('name','');
//             setcookie('shell','');
//             setcookie('id','');
            echo "<script type='text/javascript'>document.cookie=\"name=null\";document.cookie=\"shell=null\";document.cookie=\"id=null\";</script>";
        } elseif ($type == 'session') {
            unset($_SESSION['name']);
            unset($_SESSION['shell']);
            unset($_SESSION['id']);
        }
    }

    /** 登录
     *
     * @param string $path 登录成功后跳转页面
     * @param string $type 登录成功后设置会话类型
     *
     * */
    public function login_start($path, $type='cookie') {

        $pass = md5($_POST[$this->form_password]);
        $name = str_replace(" ", "", $_POST[$this->form_user]);
        $fet = mysql_query("select * from $this->table_name where `$this->table_user`='$name' and `$this->table_password`='$pass' and `del`!='1'");
        //$fet=mysql_query("select * from $this->table_name where (`$this->table_user`='$name' or `tel`='$name' or `email`='$name') and `$this->table_password`='$pass' and `del`!='1' and tid='257'");
        $row = mysql_fetch_assoc($fet);
        //Jc($row);
        if (!is_array($row)) {
            echo "<script type='text/javascript'>alert('用户名或密码错误');</script>";
            return false;
        } else {
            echo "<script type='text/javascript'>alert('登录成功!');</script>";
        }
        $id = $row['id'];
        //记录会员登录时间
        //mysql_query("update se_user set xian=" . time() . " where id=" . $id);
        if ($type == 'cookie') {
            $this->set_cookie($row['user'], $id, $pass, $path);
        } elseif ($type == 'session') {
            $this->set_session($row['user'], $id, $pass, $path);
        }
    }

    /**  权限验证
     *
     * @param  string   $type        权限验证会话类型
     * @param  string   $login_path  无权限验返回登录页面的路径
     * @param  boolean  $shell_id    数据表权限字段名
     * @param  int      $shell_value 该页面的权限值
     *
     * @return array    $row         返回该用户的信息数组
     *
     * */
    public function shell_check($type, $login_path, $shell_id=false, $shell_value=0) {

        if ($type == 'cookie') {
            $name = $_COOKIE['name'];
            $shell = $_COOKIE['shell'];
        } elseif ($type == 'session') {
            $name = $_SESSION['name'];
            $shell = $_SESSION['shell'];
        }

        $query = mysql_query("select * from $this->table_name where `$this->table_user`='$name'");
        $row = mysql_fetch_assoc($query);
        $shell_check = is_array($row) ? $shell === md5($row[$this->table_user] . $row[$this->table_password]) : false;
        if (!$shell_check) {
            return false;
        }

        if ($shell_id) {
            if ($row[$shell_id] > $shell_value) {
                echo '你的访问权限不够访问该页面';
                exit();
            }
        }

        return $row;
    }

    /**   注册
     *
     * @param string $path   注册成功页面跳转路径
     * @param string $type   注册成功设置会话类型
     *
     * */
    public function zhuce($path, $type='cookie') {

        $pass = md5($_POST[$this->form_password]);
        $_POST[$this->form_password] = $pass;
        $name = str_replace(" ", "", $_POST[$this->form_user]);
        $result = mysql_query("select * from $this->table_name where del!=1 and `$this->table_user`='$name'");
        $row = mysql_fetch_assoc($result);
        //Jc($row);
        if (is_array($row)) {
            header("Cache-Control:private");
            echo "<script type='text/javascript'>alert('该用户已注册');history.back();</script>";
            return false;
        } else {
            $sql = "insert into $this-> table_name (";
            foreach ($_POST as $key => $value) {
                $sql.= "$key,";
            }
            $sql = preg_replace('/,$/', '', $sql);
            $sql .= ") values (";
            reset($_POST);
            foreach ($_POST as $ke => $val) {
                $sql.= "'$val',";
            }
            $sql = preg_replace('/,$/', '', $sql);
            $sql .= ")";
            //echo $sql;
            //exit;
            mysql_query($sql);
            echo "<script type='text/javascript'>alert('注册成功!');</script>";
            $id = mysql_insert_id();
            if ($type == 'cookie') {
                $this->set_cookie($name, $id, $pass, $path);
            } elseif ($type == 'session') {
                $this->set_session($name, $id, $pass, $path);
            }
        }
    }

    /**  设置session会话
     *
     * @param string $name 需要设置的session的值
     * @param string $pass 需要设置的session的值
     * @param string $path 成功后页面跳转的路径
     *
     * */
    private function set_session($name, $id, $pass, $path) {
        $_SESSION['name'] = $name;
        $_SESSION['id'] = $id;
        $_SESSION['shell'] = md5($name . $pass);
        //echo "<script type='text/javascript'>location.href='$path';/script>";
        header("location:$path");
    }

    /**  设置cookie会话
     *
     * @param string $name 需要设置的cookie的值
     * @param string $pass 需要设置的cookie的值
     * @param string $path 成功后页面跳转的路径
     *
     * */
    private function set_cookie($name, $id, $pass, $path) {
        $cookie_time = $_POST[$this->form_cookie_time] ? $_POST[$this->form_cookie_time] : 2592000;
        echo "<script type='text/javascript'>document.cookie=\"name=" . $name . "\";document.cookie=\"shell=" . md5($name . $pass) . "\";document.cookie=\"id=" . $id . "\";</script>";
//            setcookie('name',$name,mktime()+$cookie_time);
//            setcookie('id',$id,mktime()+$cookie_time);
//            setcookie('shell',md5($name.$pass),mktime()+$cookie_time);

        echo "<script type='text/javascript'>location.href='$path';</script>";
        //header("location:$path");
    }

    /**  取得密码提示
     *
     * @param string $passts 密码提示的字段名
     * @return string $row   密码提示内容
     *
     * */
    public function get_passts() {

        $name = str_replace(" ", "", $_POST[$this->form_user]);
        $fet = mysql_query("select * from $this->table_name where `$this->table_user`='$name'");
        $row = mysql_fetch_assoc($fet);
        if (!is_array($row)) {
            echo "<script type='text/javascript'>alert('没有该用户');location.href='" . $_SERVER['PHP_SELF'] . "?wj=yes';</script>";
            return false;
        }
        return $row;
    }

    /**  用密码提示登录
     *
     * @param string $passform 密码提示答案的数据库表字段名
     * @param string $passts   密码提示的答案内容
     * @param string $path     登录成功后跳转页面
     * @param string $type     登录成功设置会话类型
     *
     * @return array $row      答案错误返回该用户信息
     *
     * */
    public function login_passts($passform, $passts, $path, $type='cookie') {

        $name = str_replace(" ", "", $_POST[$this->form_user]);
        $fet = mysql_query("select * from $this->table_name where `$this->table_user`='$name' and `$passform`='$passts'");
        $row = mysql_fetch_assoc($fet);
        if (!is_array($row)) {
            echo "<script type='text/javascript'>alert('答案错误');</script>";
            $fet = mysql_query("select * from $this->table_name where `$this->table_user`='$name'");
            $row = mysql_fetch_assoc($fet);
            return $row;
        }
        $pass = $row[$this->table_password];
        if ($type == 'cookie') {
            $this->set_cookie($name, $pass, $path);
        } elseif ($type == 'session') {
            $this->set_session($name, $pass, $path);
        }
    }

    /**  修改密码
     *
     * @param array  $array 该用户的信息
     * @param string $passj 原密码
     * @param string $passx 新密码
     *
     * */
    public function set_pass($array, $passj, $passx) {

        $passj = md5($passj);
        if ($array[$this->table_password] != $passj) {
            echo "<script type='text/javascript'>alert('密码错误');</script>";
            return false;
        }
        $name = str_replace(" ", "", $array[$this->table_user]);
        $passx = md5($passx);
        mysql_query("update $this->table_name set `$this->table_password`='$passx' where `$this->table_user`='$name'");

        return true;
    }

    function __destruct() {
        
    }

}

$login = new login('user', 'psw', 'se_userinfo', 'user', 'psw');

/*
  if ($_GET['logout'] == 'y') {
  $login->logout();
  //header('location:index.php');
  //header('Refresh:0; url=index.php');
  echo "<script type='text/javascript'>location.href='index.php';</script>";
  }
 */
?>